After Google bought Nest, a home device monitoring company, Nest’s co-founder said “the data we collect is all about our products and improving them. If there were ever any changes whatsoever, we would be sure to be transparent about it, number one, and number two for you to opt-in to it…”

Unfortunately we have heard these Google privacy promises many times before, only to be badly disappointed when Google eventually breaks them.

Remember in 2010, the FTC ruled Google “violated its own privacy promises to consumers when it launched its social network, Google Buzz” by exposing private emails to the public by design. As a result, the FTC required Google to implement a comprehensive privacy compliance program. However, just after the ink dried on starting that compliance program, the FTC ruled that Google violated their public privacy promises yet again when it secretly bypassed Apple’s iPhone privacy settings to serve Google ads to Apple’s customers. The FTC levied a record privacy fine on Google for this deceptive privacy practice.

Sadly and ironically last week, EPIC had to complain yet again that Google+’s social network is violating these same privacy promises by exposing gMail private emails to strangers. This is a very similar social media privacy violation to the one that Google Buzz perpetrated, and that required a comprehensive privacy program that in turn was supposed to stop broken privacy promises just like this.

Also last week, the Canadian Privacy Authority found that Google violated its privacy promises in targeting people with health care ads based on health-sensitive search topics that should have been treated as private information under health privacy law.

This privacy violation of sensitive-health-information is particularly troubling given that this type of violation should have been prevented by the comprehensive compliance program Google was legally compelled to implement as part of its DOJ Non-Prosecution Agreement and $500 million DOJ penalty for knowingly advertising illegal drug imports over a period of years. An ongoing compliance privacy problem of this nature obviously indicates a weak Google commitment to complying with its privacy promises.

Even more disturbing, was Google’s inadequate response over the last few weeks to a Consumer Watchdog December letter to Google CEO Larry Page. That letter alerted Google to apparent online predators’ easy access to minors on Google+, and to Google continuing to refuse to protect the privacy and safety of minors by not allowing anyone, even parents of minors, to block predators from joining a minor’s Google+ circle.

Tellingly there is even more recent evidence of Google breaking its privacy promises.

Today, the EU’s Commissioner responsible for data privacy, Viviane Reding, complained about Google’s privacy violations saying: “Europeans have to get serious. If a company has broken the rules and failed to mend its ways, this should have serious consequences.” She was lamenting that EU countries have fined Google recently for violating EU privacy law and its privacy promises to EU consumers (France & Spain) to no avail. More Google privacy fines are expected soon from the Netherlands, Italy, the UK and Germany in hopes of somehow getting Google to abide by its privacy promises and privacy law.

Adding salt to the wound that Google does not live up to its EU privacy promises or respect EU privacy law, Google was arguing in a UK high court case last week that Google activities in the UK were not subject to UK privacy law because Google was headquartered in California.

In short, anyone who expects Google to keep its recent privacy promises related to various parts of the Internet of things, hasn’t been paying attention to how Google routinely has broken its past privacy promises to date.

***

Google's Disrespect for Privacy Series

Part 1: Why Google is the Biggest Threat to Americans' Privacy; House Testimony [7-18-08]